Firms say risk management bigger, but not better

NEW YORK - Actions taken by firms to strengthen their risk management procedures are too often proving ineffective and possibly counter-productive, a survey has revealed.

According to Ernst & Young's Future of risk survey, in which more than 500 senior executives were interviewed, 61% of respondents now say they do not plan to commit more resources to risk management over the next 12-24 months.

The survey shows the number of risk management functions has increased to keep up with compliance requirements but, despite this increase, the coverage and focus of these areas have become both increasingly difficult to manage, and the situation has been compounded by a lack of alignment.

"Although many organisations have boosted the size and reach of their risk management functions, this does not always equate to an increase in effectiveness," says Norman Lonergan, Ernst & Young's global advisory leader based in London. "Too few organisations can claim that shared reporting, data exchange and co-ordination consistently occur among their various risk management functions.

"In the end, this only leaves the organisation more vulnerable to the threat of risk."

For example, 73% of respondents indicate they have seven or more risk functions, but 67% have overlapping coverage among two or more risk functions, with half of those reporting they have gaps in terms of coverage.

"Risk management functions within an organisation often exist in silos that are disconnected from one another and the wider business strategy," says Gerry Dixon, global risk leader at Ernst & Young based in New York. "As a result, risks identified in one area might not be communicated or recognised by another. Moreover, different areas within an organisation might have different views on the severity or importance of certain risks."

Dixon adds: "Leading companies are creating a competitive advantage by using the economic downturn as an opportunity to make practical yet valuable improvements to the way risk is managed.

"More than ever, organisations need to have a comprehensive and co-ordinated risk management approach with strong executive oversight and board of director governance. The opportunity to make those changes is now."

The survey was conducted for Ernst & Young by the Economist Intelligence Unit in June and July and is available here.